PT-2024-29983 · Cilium · Cilium
Published
2024-08-16
·
Updated
2025-09-03
·
CVE-2024-42486
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cilium versions 1.15.x through 1.15.7
Cilium version 1.16.0
Description
The issue arises from incorrect propagation of ReferenceGrant changes in Cilium's GatewayAPI controller. A ReferenceGrant is what authorizes a Gateway to read a TLS Secret in another namespace, or a Route to send traffic to a backend Service in another namespace. When such a grant is modified or deleted, the Gateways and Routes that relied on it are not reconciled until they are themselves changed, so a Gateway can keep access to a Secret, and a Route can keep forwarding traffic to backends in another namespace, for longer than intended.
Recommendations
For Cilium versions 1.15.x through 1.15.7, update to version 1.15.8.
For Cilium version 1.16.0, update to version 1.16.1.
As a temporary workaround, any modification of a related Gateway/HTTPRoute/GRPCRoute/TCPRoute resource (for example, adding a label to it) will trigger a reconciliation of ReferenceGrants on an affected cluster. This has to be repeated after every ReferenceGrant change until the cluster is upgraded, and it is worth verifying afterwards that the revoked reference is now reported as not permitted in the resource's status.
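To make the impact concrete, the following added example (written for this page, not code from the Cilium project or the advisory) evaluates ReferenceGrant semantics offline against the kind of objects `kubectl get gateways,httproutes,referencegrants -o json` returns. It lists every cross-namespace reference, reports which grant still permits it, and, for a grant that is about to be removed, shows which references an affected Cilium version would keep honouring. For those it emits the advisory's workaround as `kubectl annotate` commands. The Gateway, HTTPRoute and ReferenceGrant objects, the namespaces and names, and the annotation key `cilium-reconcile-touch` are all constructed placeholders.

```python
"""Offline check for Gateway API ReferenceGrant semantics (added example).

Feed it Gateways/Routes and ReferenceGrants as plain dicts (the JSON shape
kubectl returns). A cross-namespace reference is permitted only while a
ReferenceGrant in the *target* namespace names the source (group, kind,
namespace) in .from and the target (group, kind[, name]) in .to.
"""
from dataclasses import dataclass

GATEWAY_GROUP = "gateway.networking.k8s.io"


@dataclass(frozen=True)
class Reference:
    src_kind: str
    src_ns: str
    src_name: str
    to_group: str
    to_kind: str
    to_ns: str
    to_name: str


def cross_namespace_refs(objs):
    """Collect references that leave their own namespace and therefore need a grant.
    Gateways reference Secrets via listener TLS certificateRefs; Routes reference
    Services via rule backendRefs. Same-namespace references are skipped."""
    refs = []
    for obj in objs:
        kind, md = obj["kind"], obj["metadata"]
        if kind == "Gateway":
            ref_lists = [(l.get("tls", {}).get("certificateRefs", []), "", "Secret")
                         for l in obj["spec"].get("listeners", [])]
        else:  # HTTPRoute / GRPCRoute / TCPRoute all carry rules[].backendRefs[]
            ref_lists = [(r.get("backendRefs", []), "", "Service")
                         for r in obj["spec"].get("rules", [])]
        for ref_list, default_group, default_kind in ref_lists:
            for ref in ref_list:
                to_ns = ref.get("namespace", md["namespace"])
                if to_ns == md["namespace"]:
                    continue
                refs.append(Reference(kind, md["namespace"], md["name"],
                                      ref.get("group", default_group),
                                      ref.get("kind", default_kind),
                                      to_ns, ref["name"]))
    return refs


def grant_permits(grant, ref):
    """True if this single ReferenceGrant authorizes the reference."""
    if grant["metadata"]["namespace"] != ref.to_ns:
        return False
    from_ok = any(f["group"] == GATEWAY_GROUP and f["kind"] == ref.src_kind
                  and f["namespace"] == ref.src_ns for f in grant["spec"]["from"])
    to_ok = any(t.get("group", "") == ref.to_group and t["kind"] == ref.to_kind
                and t.get("name") in (None, ref.to_name) for t in grant["spec"]["to"])
    return from_ok and to_ok


def evaluate(objs, grants):
    """Map every cross-namespace reference to whether some grant permits it."""
    return {ref: any(grant_permits(g, ref) for g in grants)
            for ref in cross_namespace_refs(objs)}


def stale_after_removal(objs, grants, grant_name, grant_ns):
    """References permitted before, but not after, removing the named grant.
    On an unpatched controller these keep working until the source object is touched."""
    before = evaluate(objs, grants)
    remaining = [g for g in grants if not (g["metadata"]["name"] == grant_name
                                           and g["metadata"]["namespace"] == grant_ns)]
    after = evaluate(objs, remaining)
    return [r for r, ok in before.items() if ok and not after[r]]


def workaround_commands(refs, stamp):
    """The advisory's workaround: modify each referencing object so it is reconciled.
    The annotation key is an assumed placeholder; any change to the object works."""
    return [f"kubectl -n {r.src_ns} annotate {r.src_kind.lower()} {r.src_name} "
            f"cilium-reconcile-touch={stamp} --overwrite" for r in refs]


# Constructed sample cluster: one Gateway using a Secret from 'certs', one
# HTTPRoute with a same-namespace backend and a cross-namespace backend.
SAMPLE_OBJECTS = [
    {"kind": "Gateway", "metadata": {"name": "web", "namespace": "gateways"},
     "spec": {"listeners": [
         {"name": "https", "protocol": "HTTPS", "port": 443,
          "tls": {"certificateRefs": [{"name": "web-tls", "namespace": "certs"}]}},
         {"name": "http", "protocol": "HTTP", "port": 80}]}},
    {"kind": "HTTPRoute", "metadata": {"name": "shop", "namespace": "shop"},
     "spec": {"rules": [{"backendRefs": [
         {"name": "frontend", "port": 8080},
         {"name": "checkout", "namespace": "payments", "port": 8443}]}]}},
]
SAMPLE_GRANTS = [
    {"kind": "ReferenceGrant",
     "metadata": {"name": "allow-gateway-tls", "namespace": "certs"},
     "spec": {"from": [{"group": GATEWAY_GROUP, "kind": "Gateway", "namespace": "gateways"}],
              "to": [{"group": "", "kind": "Secret", "name": "web-tls"}]}},
    {"kind": "ReferenceGrant",
     "metadata": {"name": "allow-shop-backend", "namespace": "payments"},
     "spec": {"from": [{"group": GATEWAY_GROUP, "kind": "HTTPRoute", "namespace": "shop"}],
              "to": [{"group": "", "kind": "Service"}]}},
]

if __name__ == "__main__":
    for ref, ok in evaluate(SAMPLE_OBJECTS, SAMPLE_GRANTS).items():
        print(f"{ref.src_kind} {ref.src_ns}/{ref.src_name} -> "
              f"{ref.to_kind} {ref.to_ns}/{ref.to_name}: {'permitted' if ok else 'NOT permitted'}")
    stale = stale_after_removal(SAMPLE_OBJECTS, SAMPLE_GRANTS, "allow-gateway-tls", "certs")
    print("would stay live on an unpatched cluster after deleting certs/allow-gateway-tls:")
    for cmd in workaround_commands(stale, "1"):
        print("  ", cmd)
```

Running it prints both references as permitted, then shows that deleting `certs/allow-gateway-tls` leaves the Gateway's Secret reference live and prints the `kubectl annotate` that forces its reconciliation. On a real cluster the same logic can be applied to the JSON dumps, and after touching the objects the Gateway or Route status should carry a `ResolvedRefs` condition with reason `RefNotPermitted` for the revoked reference.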
Information Disclosure
Affected Products
Cilium